Host Identification and Location Decoupling: A Comparison of Approaches
Bruno Magalhães Martins (brunom@mtel.inatel.br) and Antônio Marcos Alberti (alberti@inatel.br)
Instituto Nacional de Telecomunicações - Inatel, P.O. Box 05 - 37540-000, Santa Rita do Sapucaí - MG - Brazil

Abstract - The increasing proliferation of mobile devices with Internet access has helped to clarify some important limitations of the TCP/IP stack regarding mobility, multihoming, traceability and security. In its original design, Internet IP addresses were overloaded to simultaneously support host identification (ID) and location (Loc). As a consequence, application functionality can be affected when IP addresses are changed to update a mobile node's location. This dual functionality causes many problems in the current Internet, especially in supporting mobility. To deal with these limitations, several solutions based on the idea of ID/Loc splitting have been proposed. In this position paper we present and compare some of them, summarizing their main features and limitations. We also identify opportunities and challenges for future research in the area, as well as expected impacts/relations with other Future Internet aspects.

Keywords – ID/Loc splitting, mobility, location, identification, multihoming.

I. INTRODUCTION

The Internet is underpinned by principles established over 40 years ago, when memory, processing and communication resources were very limited. Its tremendous success and diversity of applications have made demands far beyond what it was originally proposed for. Its popularization in environments quite different from those of its conception has placed in evidence many of its limitations, especially regarding scalability, mobility, multicast, multihoming, content distribution, and the unique identification and location of physical and logical network entities [1]. In general, the solution to these problems has been to create new protocols to patch the architecture. However, this approach has created a veritable "patchwork", which hinders the development of the network, preventing more meaningful solutions to existing problems.

One of the main causes of these problems is the overload of IP addresses, since IP-based networks use a single address for both identification and location of hosts on the network. That is, the IP address has dual functionality.

Ensuring mobility is a major challenge when designing a new generation network, i.e. ensuring that users can move not only within their local network, but also change the access network without loss of connectivity. Besides the logical coupling between host identifiers and locators, other challenges for mobility support are the management of mobile devices' location data, the routing of packets to/from these devices, signaling the change from a home network to a visited one, and finally the traceability of users and their terminals in the case of misconduct [2].

Multihoming means having multiple simultaneous access connections for a network or host. Therefore, multiple locators must be used for the same network or host at the same time. It enables access redundancy, load balancing and adequate provider selection.

With ID/Loc splitting, IDs are used by the application and transport layers to identify a node, while locators are used by the network layer to logically locate nodes in the topology and route packets to/from them. Based on this principle, several approaches have been proposed in the literature and in standards.

In this scenario, this paper aims to present, analyze qualitatively and discuss some of the ID/Loc splitting approaches, identifying opportunities for future research and summarizing their main features and limitations. The remainder of this paper is organized as follows. Section II presents some protocols and architectures for ID/Loc splitting; Section III discusses them, summarizing their main features and limitations; finally, in Section IV we conclude the paper.

II. PROTOCOLS AND ARCHITECTURES FOR ID/LOC SPLITTING

There exist several protocols and architectures for host ID/Loc splitting. The great majority are based on the IP protocol. Mobile IP, HIP (Host Identity Protocol), LISP (Locator ID Separation Protocol) and MILSA (Mobility and Multihoming Supporting Identifier Locator Split Architecture) are approaches that frequently appear in the literature.

A. Mobile IP

Mobile IP [3] (RFC 3344) was standardized by the IETF (Internet Engineering Task Force) as an approach to provide mobility for IP devices. The core idea is to designate two IP addresses for every device: (i) the home address, a static address that works as an ID for the node at the application layer; and (ii) the care-of address, which locates the node at the network layer. The latter is dynamically associated with the node according to its current location on the network.

The approach defines two basic components in the architecture: the local agent and the foreign agent, which are responsible for assigning the home address and the care-of address, respectively. A mobile device receives periodic
notification from an agent. It deduces that it has changed network when it stops receiving notifications from a local agent and starts receiving notifications from a foreign agent [4].

The data sent to the Mobile Node (MN) are intercepted by the local agent, which is responsible for storing its current location. The local agent encapsulates the data and retransmits them to the foreign agent at the visited network. The foreign agent retransmits the data to the MN. A mapping (or indirection) from the home address to the respective care-of address is required. Therefore, in Mobile IP devices can change their location without loss of connectivity. Figure 1 illustrates Mobile IP functionality.

Fig. 1. Mobile IP functionality.

Despite the mobility support offered by the Mobile IP approach and its great popularity in cellular networks, in [4] it is shown that there is a considerable loss of communication efficiency, since tunneling increases overhead. Besides efficiency, there is the triangular routing problem, where a packet destined to the MN needs to visit its home network before being routed to the current location. This introduces an extra delay, which could be very high for real-time interactive communications. Mobile IPv6 avoids triangular routing using a route optimization approach, where packets can be sent directly to the care-of address.

B. HIP – Host Identity Protocol

According to several references in the literature [6][7][8], standard Mobile IP does not fully solve the problems of mobility and security on the Internet, because it relies on IP routing to route packets, where a malicious user can impersonate another and mount a Denial of Service (DoS) attack, for example through false address notification messages.

According to [8], there are three critical flaws in the current Internet namespace. Firstly, dynamic readdressing cannot be managed directly; secondly, anonymity cannot be provided consistently and reliably; finally, there is no authentication for systems and packets. These deficiencies stem from the fact that current computing platforms use the current namespace inefficiently.

However, other proposals have been studied. HIP [8] (RFC 4423) is an alternative to the Mobile IP protocol, based on creating a new namespace which provides a static name to hosts in order to uniquely identify them. Thus, a given IP address is used only for the location of a host in the network topology.

Also according to [8], the main idea of HIP is to create a new namespace between the network and transport layers of the current Internet. This new layer – the host identification layer – uses a host identifier (HI) to identify nodes in the network and to create a dynamic mapping to their locator (IP address). In other words, the host identification layer corresponds to an indirection point between the HI and the host locator.

Communication between hosts using HIP is not tied to the dual semantics of the IP address, allowing a host to be uniquely identified in the application and transport layers through the new namespace and located by IP address. Briefly, HIP does not use the IP address as a node identifier, since it decouples the upper layers from the network layer. Therefore, a node can move without losing its active connections. The host identity (HI) is static and globally unique. It was developed with the TCP/IP stack in mind, but there is the possibility of using it with other protocol stacks. This feature makes HIP an interesting solution for post-IP or non-IP technologies. In addition, each HI is uniquely associated with a host and is the result of a cryptographic hash function. The purpose of using cryptography to create host identifiers is the possibility of authenticating connections in non-trusted networks. Moreover, the public key-based scheme allows each name to be considered statistically unique in a global environment.

Figure 2 partially illustrates the TCP/IP protocol stack (left) in contrast to the new HIP protocol stack (right). In the latter, the host identifier and its locator are separated from each other. The IP address continues to act as a locator, while the HI is responsible for identifying the end host.

Fig. 2. Current Internet (left) and HIP protocol (right) [6].

C. LISP – Locator ID Separation Protocol

LISP [9] is a proposal from Cisco Systems with a goal similar to those of the HIP and Mobile IP protocols, i.e. to support mobility and multihoming in TCP/IP networks. However, the LISP protocol is based on address mapping between edge and core IP networks and on IP tunneling over UDP (User Datagram Protocol) for packet delivery. According to [9], LISP is a protocol used to implement IP address separation into EIDs (Endpoint Identifiers) and RLOCs (Routing Locators). This mechanism requires neither changes in the end hosts nor changes in the infrastructure of existing databases.
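Map-and-encap as Section II.C describes it (the ITR looking up the EID-to-RLOC mapping, wrapping the host packet in an RLOC-addressed outer header, the core forwarding on RLOCs only, and the ETR stripping the outer header; the Figure 3 walk-through in this section uses the same addresses), as an added example in Python that is not code from the paper or from any LISP implementation. The EIDs 1.0.0.1 and 2.0.0.2 and the RLOCs 11.0.0.1 and 12.0.0.2 are the paper's; the extra per-site EIDs, the mapping database, the map-cache, the lookup counter and the simplified packet layout are constructed assumptions added to make the overhead, mapping-latency and routing-table points visible.

```python
"""LISP-style map-and-encap walk-through.

Added example, not code from the paper: it models the Figure 3 scenario
with a constructed EID->RLOC mapping database. SourceNode (EID 1.0.0.1)
sits behind ITR 11.0.0.1; DestinationNode (EID 2.0.0.2) sits behind ETR
12.0.0.2. The extra EIDs per site are constructed to show the DFZ table size.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Set


@dataclass(frozen=True)
class Packet:
    src: str                            # EID on a host packet, RLOC on an outer packet
    dst: str
    payload: bytes = b""
    inner: Optional["Packet"] = None    # present only on an encapsulating (outer) packet


# Constructed mapping database: which edge router (RLOC) each end host (EID) sits behind.
MAPPING_DB: Dict[str, str] = {
    "1.0.0.1": "11.0.0.1", "1.0.0.2": "11.0.0.1", "1.0.0.3": "11.0.0.1",   # site A
    "2.0.0.2": "12.0.0.2", "2.0.0.3": "12.0.0.2", "2.0.0.4": "12.0.0.2",   # site B
}


def dfz_routes(db: Dict[str, str]) -> Set[str]:
    """What the default-free zone must carry: the RLOCs only, never the EIDs behind them."""
    return set(db.values())


class TunnelRouter:
    """An edge router acting as ITR (encapsulate) or ETR (decapsulate)."""

    def __init__(self, rloc: str, local_eids: Set[str], db: Dict[str, str]) -> None:
        self.rloc, self.local_eids, self.db = rloc, local_eids, db
        self.cache: Dict[str, str] = {}   # EID->RLOC map-cache
        self.lookups = 0                  # each miss is one round trip to the mapping system

    def resolve(self, eid: str) -> Optional[str]:
        if eid not in self.cache:
            if eid not in self.db:
                return None
            self.lookups += 1
            self.cache[eid] = self.db[eid]
        return self.cache[eid]

    def itr_encapsulate(self, pkt: Packet) -> Optional[Packet]:
        """Wrap the host packet in an outer header addressed from this RLOC to the peer RLOC."""
        dst_rloc = self.resolve(pkt.dst)
        if dst_rloc is None:
            return None   # no mapping available: the packet is dropped
        return Packet(src=self.rloc, dst=dst_rloc, inner=pkt)

    def etr_decapsulate(self, outer: Packet) -> Optional[Packet]:
        """Strip the outer header and hand the inner packet to a locally attached EID."""
        if outer.dst != self.rloc or outer.inner is None:
            return None
        return outer.inner if outer.inner.dst in self.local_eids else None


def core_forward(outer: Packet, routes: Set[str]) -> bool:
    """DFZ routers only know RLOCs; they never see or need the inner EIDs."""
    return outer.dst in routes


def deliver(src_eid: str, dst_eid: str, payload: bytes,
            itr: TunnelRouter, etr: TunnelRouter, routes: Set[str]) -> Optional[Packet]:
    """Full path host -> ITR -> core -> ETR -> host; returns the delivered inner packet or None."""
    outer = itr.itr_encapsulate(Packet(src_eid, dst_eid, payload))
    if outer is None or not core_forward(outer, routes):
        return None
    return etr.etr_decapsulate(outer)


def figure3_scenario() -> dict:
    routes = dfz_routes(MAPPING_DB)
    site_a = {e for e, r in MAPPING_DB.items() if r == "11.0.0.1"}
    site_b = {e for e, r in MAPPING_DB.items() if r == "12.0.0.2"}
    itr = TunnelRouter("11.0.0.1", site_a, MAPPING_DB)
    etr = TunnelRouter("12.0.0.2", site_b, MAPPING_DB)

    first = deliver("1.0.0.1", "2.0.0.2", b"hello", itr, etr, routes)
    second = deliver("1.0.0.1", "2.0.0.2", b"again", itr, etr, routes)   # served from the map-cache
    outer = itr.itr_encapsulate(Packet("1.0.0.1", "2.0.0.2"))
    return {
        "delivered": first is not None and second is not None,
        "inner_unchanged": first.src == "1.0.0.1" and first.dst == "2.0.0.2",
        "outer_header": (outer.src, outer.dst),      # ('11.0.0.1', '12.0.0.2')
        "mapping_lookups": itr.lookups,              # 1: the second packet hit the cache
        "dfz_routes": len(routes),                   # 2 RLOCs stand in for 6 EIDs
        "eids": len(MAPPING_DB),
        "unknown_eid_dropped": deliver("1.0.0.1", "9.9.9.9", b"x", itr, etr, routes) is None,
    }


if __name__ == "__main__":
    for name, value in figure3_scenario().items():
        print(f"{name}: {value}")
```

The `lookups` counter is the mapping-system round trip behind the EID-to-RLOC latency the paper attributes to LISP, the dropped packet for an unmapped EID is its packet-loss case, and the two-entry DFZ table in front of six EIDs is the routing-table reduction the paper lists as benefit (i).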
LISP deployment occurs at the edge routers of an IP network, whose IP addresses are used as routing locators (RLOCs) for the hosts in their domain. These routers are responsible for mapping EIDs onto host locators [10].

Once the target domain has been determined by the ITR (Ingress Tunnel Router), this router performs a search for an EID-to-RLOC mapping to determine the routing path to the ETR (Egress Tunnel Router). Packets sent to the recipient are encapsulated (a datagram inserted into another) at the ITR with a new header, where the destination IP address of the datagram is set to the destination RLOC IP address. This RLOC is responsible for routing to the destination domain. In the recipient's area, the ETR decapsulates the packet and routes it according to the EID of the destination host. This process creates a tunnel between the edge routers. Figure 3 illustrates the operation of LISP.

Fig. 3. LISP functioning [11].

Consider the scenario of Figure 3, where the SourceNode (EID = 1.0.0.1) wants to communicate with the DestinationNode (EID = 2.0.0.2). Since the ITR (RLOC = 11.0.0.1) knows the chosen destination ETR (RLOC = 12.0.0.2), it encapsulates the data containing the EID of the SourceNode and sends them to the DestinationNode's ETR. The ETR, in turn, receives the data and forwards them to the DestinationNode through its EID 2.0.0.2. In other words, the SourceNode knows the EID identifier of the DestinationNode and the ITR knows the ETR's RLOC locator.

Despite the overhead added by this encapsulation and the inflexibility of using LISP in post-IP or non-IP architectures, there are many benefits achieved by separating the current address space into EIDs and RLOCs: (i) the routing table size reduction at the DFZ (Default-Free Zone); (ii) multihoming support for sites that are connected to different service providers (in which they can control their own flow policies); and (iii) easier IP readdressing when customers change service operators [9].

D. MILSA – Mobility and Multihoming Supporting Identifier Locator Split Architecture

The MILSA architecture [7] was proposed as a solution to the problems of naming, addressing and routing in the current Internet. There are three principles adopted in MILSA: (i) separation of trust relations, called domains, from connectivity relations, called zones; (ii) separation between the functions of the signaling and data planes, in order to improve performance and to support mobility; (iii) separation of the identifier and the locator to provide transparency to the application and transport layers.

Also according to [7], a domain represents a group of hosts in the same hierarchy and is responsible for assigning the identifiers of entities in its scope. Domains from the same hierarchy establish trust relations, while a zone is a topologically aggregated physical unit responsible for assigning and aggregating the hosts connected to it. The logical link between a domain and a zone is maintained by the RZBS (Zone Bridging Realm Server). This server can be designed considering the particularities of a certain domain hierarchy. In other words, a domain authority is responsible for identifying the hosts logically belonging to it, while a zone authority holds the information on one or more addresses or locators of such hosts. The RZBS takes care of mapping domains to zones, dynamically mapping host identifiers onto locators. Figure 4 illustrates MILSA.

Fig. 4. MILSA conceptual architecture [7].

The two terminals' MILSA user identifiers illustrated in Figure 4 could be "User-1.Subdomain-1.Domain-A" and "User-2.Subdomain-2.Domain-B", respectively. The leftmost part of the identifier would be designed as flat, and the rest of the name could be conceived in a hierarchical manner, in order to represent the logical position in the domain hierarchy. Figure 5 illustrates name composition in MILSA.

Fig. 5. MILSA name formation example.

The flat part of the name must be unique in the subdomain to avoid conflicts, and it can be created based on public key cryptography or hash algorithms. If both users are in the same subdomain, there is no need to use full names; only the leftmost part of the name is necessary.

E. Akari ID/Loc Decoupling Approach

The Akari [1] project involves the Japanese government, universities and the private sector to design and implement a new generation network by the year 2015. The project's motto is "a little light in the darkness that points to the
future" and its philosophy is to seek the ideal architecture for a new generation network.

The Akari project has three basic principles that underlie the creation of a new generation network: (i) the KISS (Keep It Simple, Stupid) principle, which states that the network layer should be kept as simple as possible; (ii) the real-world-based connection principle, which supports the interaction of the virtual world with the real world and confirms the necessity of identification and location decoupling; and (iii) the principle of sustainable development, which means that the network must become a free environment for progress and development, being able to meet society's demands for many decades [1].

The Akari proposed architecture uses distinct sets of entities to identify and locate hosts on the network. However, this proposal is quite different from those previously mentioned, since it is independent of the interconnection technology. In other words, the solution proposed by the Akari project can be applied in post-IP or non-IP networks.

Akari identifiers can be hierarchical or flat. Hierarchically established identifiers can support greater network coverage and scalability, as well as provide hints for locator resolution. However, they may require a central authority to assign their hierarchical components. Flat identifiers, on the other hand, allow network nodes to create their identifiers autonomously. The project authors consider the deployment of a high-availability identification/location mapping database very important for both types of identifiers [1].

Also according to Harai [1], a host can be identified in two ways: by name and/or by its identifier (ID). A name can be local or global. Local names are unique on the local network and are used for host identification and network management. These names are generated by the combination of representative host-related words, i.e. their function in context, owner, serial number, or date and time of installation of the host on the network.

Consider the protocol stack of Figure 6. The application layer sends data to the transport layer through an interface identified by the primary source and destination IDs, in addition to the related application port number. The transport layer, in turn, inserts the transport header in the packet and sends it to the identity layer through another interface, also identified by the primary ID. In the identity layer, the primary identifier is mapped to an active identifier, which is inserted in the header of this layer. A second mapping, between the active identifier and the host locators, is also done by this identity layer. Then, this layer inserts the active identifier in the packet and sends it to the network layer through an interface identified by source and destination locators. Finally, the source and destination locators are entered into the network layer header and the packet is then sent to its destination.

Fig. 6. Akari proposal for an identity layer between transport and network layers. Adapted from [1].

F. MCP – Mobility Control Protocol

MCP is a South Korean approach to deal with host mobility in future networks. It was developed within the scope of the MOFI (Mobile Oriented Future Internet) project. According to [14], hosts are uniquely and statically identified by a HID (Host Identifier). HIDs are obtained by a 128-bit hash function of the host's own public key, in a process similar to what happens in HIP with the HIT (Host Identity Tag). Such HIDs are released on the network or to a name resolution system, while the host's own private key is kept confidential to enable further authentication. HID delivery is used in access or edge networks. For global scale, the MCP approach is to form HIDs hierarchically, including the Autonomous System (AS) number [14].

To locate the backbone near some host, MCP uses a network locator (LOC). It is used to deliver data packets between core backbones. At the access or edge networks, HIDs are used to communicate. To support host mobility, the network locator is updated to reflect the host's current position, while the HID remains static. Mapping (or indirection resolution) between LOC and HID is dynamically done through a system called LBS (LOC Binding System). Figure 7 illustrates the MCP protocol stack compared to TCP/IP.

Fig. 7. TCP/IP stack (left) compared to MCP (right).

The MCP network layer is divided into two sublayers: the host communication sublayer and the packet delivery sublayer. Host communication contains two protocols: ADP (Access
Delivery Protocol) and BDP (Backbone Delivery Protocol), respectively used on access and backbone networks.

III. COMPARISON OF PRESENTED APPROACHES

The choice of the naming scheme is an important starting point in designing a network architecture, since many aspects (such as security and routing) depend on how the names are designed. Consider Mobile IP and LISP. Both are based on the current Internet hierarchical naming scheme. They divide the IP address space into two hierarchical namespaces to support host ID/Loc splitting. On the other side, HIP uses a flat namespace to uniquely identify hosts and IP addresses to locate them in the network topology. Moreover, MILSA and Akari identifiers are partially flat and partially hierarchical. MILSA identifiers are IP-based, but can be adapted for use with another type of protocol.

According to Harai [1], most of these approaches are based either on inflexible identifiers (using IP addresses), such as Mobile IP and LISP, or on identifiers generated by public key cryptography, such as HIP. The advantage of using IP-based identifiers is that current Internet applications can still be used without change. However, these approaches are inflexible and cannot be used in post-IP or non-IP architectures. On the other side, identifiers based on public key cryptography or hash functions are long and unreadable for humans, despite their advantages in terms of security.

Akari identifiers are totally flexible, independent of the interconnection technology. In addition, they are created based on the result of a hash function of the host name, which in turn is legible and captures network hierarchical information at local and global level.

Security support in Mobile IP uses IPSec, while LISP security is based on the mapping process from EIDs to RLOCs. HIP, MILSA, Akari and MCP use the concept of cryptographic identities to encrypt information as a way of implementing security for packet transmission.

Regarding mobility, Mobile IP does not provide transparent support for mobility, i.e. to update the location of a mobile node the local agent must intervene, creating the previously cited triangular routing. This fact implies long waiting times while updating the location records. Also, it can cause packet loss. The route optimization for Mobile IPv6 attempts to address this problem, but it requires considerable changes to both end hosts [7].

The LISP approach has some drawbacks, such as increased overhead and delays caused by the mapping of EIDs to RLOCs. Packet loss is also a concern. In HIP, packet loss can happen when two communicating terminals move at the same time.

Table 1 summarizes the comparison between the main features of the ID/Loc splitting protocols.

TABLE I – ID/LOC SPLITTING COMPARISON TABLE.

Naming scheme – Mobile IP: hierarchical (IP); legible names. HIP: flat; opaque names. LISP: hierarchical (IP); legible names. MILSA: partially flat, partially hierarchical. Akari: flat with a hierarchical portion; legible names for local and global names in the hierarchical part. MCP: flat, but a hierarchical portion is being studied to work world-wide.

Routing – Mobile IP: only IP; inflexible. HIP: IP, post-IP or non-IP; flexible. LISP: only IP; inflexible. MILSA: IP routing, can use ROFL; partially flexible. Akari: fully flexible; routing independent of transport technology. MCP: IP, but can be adapted to become flexible.

Security – Mobile IP: IPSec. HIP: public key cryptography; denial of service problem. LISP: related to EID-RLOC mapping. MILSA: public key cryptography. Akari: public key cryptography and hash function. MCP: public key cryptography and hash function.

Performance – Mobile IP: increased overhead; triangular routing; waiting on update registration. HIP: overhead on host identification layer. LISP: increased overhead; latency in EID-RLOC mappings. MILSA: overhead on HMS layer. Akari: overhead on identity layer. MCP: overhead on HID-LOC mapping.

Packet loss – Mobile IP: due to long waiting periods on record update. HIP: when two terminals move at the same time. LISP: can occur due to mapping delay. MILSA: not analyzed. Akari: not analyzed. MCP: not analyzed.

IV. CONCLUSION

Host ID/Loc splitting is one of the most important solutions to address the shortcomings of mobility, multihoming, security, and other problems associated with the dual functionality of IP addresses. Although there are today several proposals to separate the identification and location of networked devices, as Jianli describes in [7], most of them do not provide a comprehensive solution for the relationship among identifiers, names, locators and routing.

In this position paper we have provided a qualitative comparison among some important approaches for ID/Loc splitting. We can observe a great diversity of approaches. Some maintain compatibility with IP, but are unable to support experimentation and to be integrated with the post-IP Internet. All approaches are concerned with security aspects, but some of them are restricted to current IP security solutions. Therefore, more holistic and integrated designs are required, e.g. to support trust networks; to accommodate information ID/Loc splitting; to support not only host mobility, but also the mobility of other entities; to enable automatic functionalities in order to reduce human intervention, etc. Finally, performance is a concern in approaches that use tunneling or dual addressing. The solutions that create new layers increase the overhead, decreasing efficiency. Is the approach of creating new layers the best one?

From this comparison, we identified some issues and open research challenges: (i) what is the most appropriate name scheme for a new Internet: flat, hierarchical, mixed or
both? (ii) should routing be compatible with IP? (iii) how to support multi-path, multicast and anycast routing in these proposals? (iv) how to support millions or billions of networked devices in the so-called Internet of Things (IoT)? In other words, how to enable scalability? (v) several proposals for a new Internet also perform information/location decoupling. How to create more holistic approaches for ID/Loc splitting and indirection resolution? (vi) how to analyze the performance of these and other proposals? Many of these questions need to be answered.

REFERENCES

[1] HARAI, Hiroaki et al. Akari (2007) New Generation Network Architecture AKARI Conceptual Design (ver2.0). Available at the project web site (1) in March 2011.
[2] IN Min-kyo, LEE Seung-yun, KIM Dae-young. Splitting mechanism for IP into Identifier and Locator in NGN. 2007.
[3] PERKINS, C. RFC 3344 - IP Mobility Support for IPv4. 2002.
[4] RAMACHANDRAN, Kishore. Mobile IP - deployment after a decade. 2005.
[5] JOHNSON, D., PERKINS, C. and ARKKO, J. RFC 3775 - Mobility Support in IPv6. 2004.
[6] BARBATO, Wander. A mobilidade na Internet com o padrão HIP. 2007.
[7] JIANLI Pan, SUBHARTHI Paul, RAJ Jain, MIC Bowman. MILSA: A Mobility and Multihoming Supporting Identifier Locator Split Architecture for Naming in the Next Generation Internet. 2008.
[8] MOSKOWITZ, R., NIKANDER, P. RFC 4423 - Host Identity Protocol (HIP) Architecture. 2006.
[9] LEWIS, D.; MEYER, D.; FARINACCI, D.; FULLER, V. Locator/ID Separation Protocol (LISP). Work in Progress (LISP Draft 06), January 2010. Available at http://tools.ietf.org/html/draft-ietf-lisp-06.
[10] IANNONE, L., SAUCEZ, D., BONAVENTURE, O. OpenLISP: An Open Source Implementation of the Locator/ID Separation Protocol. 2009.
[11] MEYER, D. The Locator/Identifier Separation Protocol (LISP). The Internet Protocol Journal, Volume 11, No. 1. Available at http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_11-1/111_lisp.html. 2010.
[12] CAESAR, Matthew, CONDIE, Tyson, KANNAN, Jayanthkumar, LAKSHMINARAYANAN, Karthik, STOICA, Ion, SHENKER, Scott. ROFL: Routing on Flat Labels. 2006.
[13] CAMPISTA, Miguel Elias M. et al. Interconexão de Redes na Internet do Futuro: Desafios e Soluções. 2010. Technical report available at the author web site (2) in March 2011.
[14] KIM, Ji In and KOH, Seok Joo. Mobility Control Protocol for MOFI. September 2010.

(1) http://akari-project.nict.go.jp/eng/conceptdesign.htm#Akari_6
(2) http://www.gta.ufrj.br/ftp/gta/TechReports/CFM10.pdf. 2010.
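The cryptographic identifiers that Sections II.B and II.F attribute to HIP (HI/HIT) and MCP (HID with the LOC Binding System), and that Section III contrasts with IP-based identifiers, share one pattern: a fixed 128-bit identifier hashed from the host's public key, rebound to a new locator as the host moves. The following Python code is an added example of that pattern; it is not code from the paper or from either project. The key bytes, the documentation addresses, and the `LocBindingSystem` and `Session` classes are constructed assumptions, and the binding check is hash-only: a real system would also verify a signature made with the private key the paper says is kept confidential.

```python
"""Hash-derived host identifiers bound to changeable locators.

Added example, not code from the paper or from the HIP/MCP projects. A
128-bit identifier is derived by hashing the host's public key and stays
fixed, while the locator binding is updated as the host moves. The "public
keys" are constructed byte strings standing in for real key material.
"""
import hashlib
from typing import Dict, Optional, Tuple

HID_BITS = 128  # the paper gives 128 bits for MCP HIDs; HIP's HIT is the same size


def host_identifier(public_key: bytes) -> str:
    """HID = leading 128 bits of SHA-256(public key), rendered as 32 hex characters."""
    return hashlib.sha256(public_key).digest()[: HID_BITS // 8].hex()


class LocBindingSystem:
    """Minimal LBS: HID -> current LOC, plus the key each HID was derived from."""

    def __init__(self) -> None:
        self.loc: Dict[str, str] = {}
        self.key: Dict[str, bytes] = {}

    def register(self, public_key: bytes, loc: str) -> str:
        hid = host_identifier(public_key)
        self.key[hid] = public_key
        self.loc[hid] = loc
        return hid

    def update(self, hid: str, public_key: bytes, new_loc: str) -> bool:
        """Accept a new LOC only from the holder of the key the HID was derived from."""
        if host_identifier(public_key) != hid or self.key.get(hid) != public_key:
            return False  # key does not match the identifier: binding left untouched
        self.loc[hid] = new_loc
        return True

    def resolve(self, hid: str) -> Optional[str]:
        return self.loc.get(hid)


class Session:
    """Upper layers name the peer by HID only; the locator is looked up per packet."""

    def __init__(self, lbs: LocBindingSystem, peer_hid: str) -> None:
        self.lbs, self.peer_hid = lbs, peer_hid

    def send(self, payload: bytes) -> Optional[Tuple[str, str, bytes]]:
        loc = self.lbs.resolve(self.peer_hid)
        return None if loc is None else (self.peer_hid, loc, payload)


def mobility_walkthrough() -> dict:
    """Bob changes network mid-session; the HID is unchanged and a mismatched rebind is refused."""
    lbs = LocBindingSystem()
    bob_key = b"constructed-public-key-of-bob"             # stands in for real key material
    other_key = b"constructed-public-key-of-someone-else"  # a key the HID was not derived from
    bob = lbs.register(bob_key, "192.0.2.7")               # initial LOC (documentation address)
    session = Session(lbs, bob)

    before = session.send(b"hello")
    moved = lbs.update(bob, bob_key, "198.51.100.9")       # Bob's own key: accepted
    after = session.send(b"still here?")
    bogus = lbs.update(bob, other_key, "203.0.113.1")      # wrong key: refused
    final = session.send(b"bye")

    return {
        "hid_hex_length": len(bob),                        # 32 hex chars = 128 bits, opaque to humans
        "hid_stable": before[0] == after[0] == bob,
        "loc_before": before[1],                           # '192.0.2.7'
        "loc_after": after[1],                             # '198.51.100.9'
        "move_accepted": moved,
        "bogus_rebind_refused": not bogus,
        "loc_unchanged_after_bogus": final[1] == after[1],
    }


if __name__ == "__main__":
    for name, value in mobility_walkthrough().items():
        print(f"{name}: {value}")
```

The 32-character hex HID is the "long and unreadable for humans" identifier of Section III, and the refused rebind is the reason the paper gives for hashing a public key into the identifier: the locator of a name can only be changed by whoever holds the key that name was derived from.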